Professionals working in IT are marking their companies down when it comes to their ability to prevent, detect and manage the consequences of a data breach. That’s according to a detailed study on the impact of data breaches commissioned by Centrify and conducted by The Ponemon Institute.

The global study of IT professionals in the UK, the US, Germany and Australia shows that less than half of global IT professionals are confident they have the ability to prevent, detect and resolve data breaches. In the UK, however, the picture is even more damning, with 70% of IT practitioners questioned not confident in their organisations’ abilities to prevent such breaches.

More worrying is the fact that, for the majority (63%) of IT professionals, the biggest concern following a data breach is loss of their jobs, which ranks above any loss of company reputation (43%) and time needed to recover decreasing productivity (41%). This is at a juncture when the industry is trying to cope with a worldwide shortage of qualified cyber security professionals. Indeed, not-for-profit information security group ISACA predicts there will be a global shortage of some two million cyber security professionals by 2019.

According to The Ponemon Institute’s study, over half (51%) of UK IT practitioners in organisations that had suffered a data breach believe one of the most negative consequences of such an event is greater scrutiny of the capabilities of the IT Department itself. This ranks above brand and reputational damage (35%) and loss of customer trust in the organisation (35%).

40% of IT professionals who took part in the study responded that their organisation had suffered a data breach involving sensitive customer or business information in the past two years.

“Organisations need to take a smarter approach to their security needs, implementing tools that are more efficient, consolidating vendors and platforms and empowering the people within their IT Departments,” said Andy Heather, vice-president for the EMEA region at Centrify. “Now more than ever, cyber security requires C-Suite involvement to ensure the IT Department has the right tools to be successful and isn’t just left in the hot seat to take the fall.”

Heather continued: “For years now, organisations have relied on a well-defined boundary to protect their assets. They knew where the perimeters of their networks and endpoints were, and kept their important assets on the safe side. However, things have changed. Today, the world as we know it is an increasingly complex digital canvas of identities that live in and out of the enterprise, changing the perimeter of the network such that there’s no perimeter at all. Traditional security measures are failing to safeguard against breaches. To avoid financial and reputational ruin, organisations simply must now rethink their approach to security.”

About the Author

Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications)
Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting.
In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector.
In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award.
An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award.
Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site.
Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media.
Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014.

Contact Sales:

Archive Search

All rights reserved. No part of this website may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system, without permission in writing from the publisher. Content on this website, including materials available for download, are supplied solely for the private use of visitors to this site, and must not be redistributed by third party sites, or as part of any marketing or promotional material, without permission in writing from the publisher.While every care has been taken to ensure accuracy in the preparation of material included in Risk UK (both the hardcopy publications and this website), the publishers cannot be held responsible for the accuracy of the information contained herein, or any consequence arising from it.